VLAN frame format

ABSTRACT

In a network device such as a network switch having a port coupled to a communications medium dedicated to a single virtual local area network and another port coupled to a communications medium shared among multiple virtual local area networks for transmitting data frames between the dedicated communications medium and the shared communications medium, a method of identifying the virtual network associated with each data frame received by the network switch when transmitting the data frames over the shared communications medium. The method comprises receiving data frames from the dedicated communications medium coupled to one port, and, with respect to each data frame so received, inserting a new type field and a virtual network identifier field. The contents of the new type field indicate the data frame comprises a virtual network identifier field. The method further includes placing a value in the virtual network identifier field identifying the virtual network associated with the data frame and transmitting the data frame over the shared communications medium. Upon receipt of the data frames from over the shared communications medium, another network device can discern from the virtual network identifier field in each data frame the virtual network from which the data frames were received and determine whether to forward the data frames accordingly.

NOTICE: More than one reissue application has been filed for the reissueof U.S. Pat. No. 6,111,876. The reissue applications are U.S.application Ser. No. 10/225,708, now Reissue Pat. No. RE40,999, issuedon Nov. 24, 2009, and U.S. application Ser. No. 12/459,465, now ReissuePat. No. RE44,775, issued on Feb. 25, 2014, which is a divisionalreissue of U.S. application Ser. No. 10/225,708, now Reissue Pat. No.RE40,999. The present U.S. application Ser. No. 13/728,698, filed onDec. 27, 2012 which has been filed during the pendency of U.S.application Ser. No. 12/459,465, now Reissue Pat. No. RE44,775, is adivisional reissue of U.S. application Ser. No. 12/459,465, now ReissuePat. No. RE44,775, which is a divisional reissue of U.S. Pat. No.6,111,876.

Other reissue applications include: U.S. application Ser. No.13/728,787, filed Dec. 27, 2012, now Reissue Pat. No. RE45,065, issuedon Aug. 5, 2014, which is a continuation reissue of U.S. applicationSer. No. 12/459,465, now Reissue Pat. No. RE44,775; U.S. applicationSer. No. 13/728,823, filed Dec. 27, 2012, now Reissue Pat. No. RE45,081,issued on Aug. 19, 2014, which is a continuation reissue of U.S.application Ser. No. 12/459,465, now Reissue Pat. No. RE44,775; U.S.application Ser. No. 13/728,838, filed Dec. 27, 2012, which is acontinuation reissue of U.S. application Ser. No. 12/459,465, nowReissue Pat. No. RE44,775; U.S. application Ser. No. 13/728,846, filedDec. 27, 2012, now Reissue Pat. No. RE45,095, issued on Aug. 26, 2014,which is a continuation reissue of U.S. application Ser. No. 12/459,465,now Reissue Pat. No. RE44,775; U.S. application Ser. No. 13/728,867,filed Dec. 27, 2012, which is a continuation reissue of U.S. applicationSer. No. 12/459,465, now Reissue Pat. No. RE44,775; U.S. applicationSer. No. 13/728,770, filed Dec. 27, 2012, which is a continuationreissue of U.S. application Ser. No. 12/459,465, now Reissue Pat. No.RE44,775; U.S. application Ser. No. 13/728,747, filed Dec. 27, 2012,which is a divisional reissue of U.S. application Ser. No. 12/459,465,now Reissue Pat. No. RE44,775.

This application is a continuation-in-part of United States patentapplication entitled, “VLAN FRAME FORMAT”, Ser. No. 08/613,726, filed onMar. 12, 1996, now U.S. Pat. No. 5,959,990.

COPYRIGHT NOTICE

Contained herein is material which is subject to copyright protection.The copyright owner has no objection to the facsimile reproduction ofthe patent disclosure by any person as it appears in the Patent andTrademark Office patent files or records, but otherwise reserves allrights to the copyright whatsoever.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to the field of data communications. Morespecifically, the present invention relates to a method and frame formatfor preserving in a data frame the virtual local area network (VLAN)associated with the data frame as determined by a network device fromwhich the data frame was received when transmitting the data frame overa communications medium shared among multiple VLANs. The method andframe format are equally applicable when the network device usescriteria in addition to or instead of the ingress port to associate aVLAN with the data frame.

2. Description of the Related Art

A small baseband local area network (LAN) typically connects a number ofnodes, e.g., a server and workstations, to a shared communicationsmedium wherein all nodes compete for available bandwidth on the sharedcommunications medium. In an Ethernet or Institute of Electrical andElectronics Engineers (IEEE) 802.3 standard local area network, when anode transmits a unicast data frame on the network, every node coupledto the shared medium receives and processes the data frame to determineif it is the node to which the data frame is destined. Moreover, when astation transmits a broadcast data frame on the network, all nodes seethe data frame and must process it to determine whether they shouldrespond to the broadcasting node. As the number of nodes coupled to themedium increase, data traffic can become congested, resulting in anundesirable level of collisions and network related delays intransmitting data frames, which in turn results in network and nodeperformance degradation.

A common prior art method of reducing congestion is to separate a LANinto multiple LAN segments by way of a network device, such as a bridgeor network switch, operating at the Media Access Control (MAC) sublayerof the Data Link layer (layer 2) of the International StandardsOrganization (ISO) Open Systems Interconnection (OSI) reference model.While all nodes in the data network may still belong to the samebroadcast domain, that is, each node still transmits and receivesbroadcast data frames to/from all nodes on all LAN segments in thenetwork, nodes sharing the same LAN segment see only unicast data framesgenerated by or destined to a node on the same LAN segment. Given thatthe bulk of data traffic on a LAN is unicast in nature, segmentation maysomewhat reduce collisions and traffic related performance problems.

However, as the number of LAN segments and nodes per segment increasesin the same broadcast domain, the nodes can become overburdenedprocessing broadcast data frames. It may be desirable under suchcircumstances to separate the growing data network into multiplebroadcast domains. One possible approach to creating multiple broadcastdomains is to separate one or more LAN segments using a network devicesuch as a router, operating at the Network layer (layer 3) of the OSIreference model. With reference to FIG. 1, a data network 10 isillustrated wherein a number of internet-working devices are installedto reduce traffic levels on each LAN segment. A router 100 separates LANsegments 103, 110 and 120 into one broadcast domain 11, and LAN segments105, 130 and 140 into another broadcast domain 12.

For example, router 100 only forwards a unicast data frame from a nodeon LAN segments 103, 110 or 120 that is specifically addressed (at layer3 of the OSI model) to a node on LAN segments 105, 130 or 140, and viseversa. Network devices 101 and 102 may be, for example, networkswitches. Network switch 101 separates LAN segments 103, 110 and 120 toreduce unicast traffic on each segment while the segments still remainin the same broadcast domain 11. Network switch 102 functions in asimilar manner with respect to LAN segments 105, 130 and 140.

LAN segments 110, 120, 130 and 140 may have multiple nodes attached. Forexample, LAN segment 110 has nodes 111 and 112 coupled to it, andfunctions, therefore, as a shared communications medium, wherein thenodes share the available bandwidth (e.g., 10 million bits per second ina traditional Ethernet carrier sense, multiple access data bus withcollision detection [CSMA/CD]). LAN segments 103 and 105, on the otherhand, are dedicated LAN segments, therefore, nodes 104 and 106 have allavailable bandwidth to themselves. For example, nodes 104 and 106 may beservers requiring greater bandwidth. Dedicated LAN segments 103 and 105may be any technology supporting delivery of Ethernet or IEEE 802 LLCdata frames including CSMA/CD or Fiber Distributed Data Interface (FDDI)segments operating at 100 million bits per second, or AsynchronousTransfer Mode LAN emulation service running over segments operating at155 million bits per second.

The router 100 has the further advantage of allowing for theimplementation of policy restrictions among networkadministrator-defined groups in the network. For example, it may bedesirable to prohibit nodes in broadcast domain 12 from communicatingwith nodes in broadcast domain 11 using any protocol except thosespecifically allowed by the network administrator.

However, as can be seen in FIG. 1, data network 10 involves significanthardware and software expenses associated with two network switches, arouter, and the multiple communication lines required to achievemultiple broadcast domains. Moreover, a significant amount ofadministrative overhead is required to maintain the configuration andoperation of the internetworking devices as required, for example, whena node is moved from one segment to another segment in the same ordifferent broadcast domain. Thus, it is desirable to implement the datanetwork 10 of FIG. 1 using a single network switch and virtual localarea networks (VLANs).

FIG. 2A illustrates data network 10 using a single network switch 200and virtual local area networks (VLANs) to create multiple broadcastdomains 11 and 12. A VLAN is a logical local area network comprised of aplurality of physical local area networks as determined by some networkadministrator-defined criteria, e.g., grouping local area networks basedon geographical topology of the data network, or businessunits/functions of a company, such as finance or engineeringdepartments. Such VLANs are generally configured based on the pointswhere the physical LANs enter a switched network. For example, networkswitch 200 is configured such that ports 201 through 203 and 207 belongto VLAN 210, and ports 204-206 belong to VLAN 220. LAN segments 103, 110and 120 coupled to ports 201-203, respectively, belong to VLAN 210. LANsegments 130, 140 and 105 coupled to ports 204, 207, and 205,respectively, belong to VLAN 220. The configuration of data network 10in FIG. 2A is relatively less expensive than the configuration of datanetwork 10 in FIG. 1 in that only one switch is required. Moreover,since VLANs are configured at network switch 200, a networkadministrator can maintain configuration and operation of the networkwithout concern for moving a node from one LAN segment to another LANsegment in the same VLAN.

When the system grows beyond the capacity of a single switch or whengeographical constraints create a need for switching capacity at morethan one site, additional switches are added to the network. FIG. 2Bshows the addition of switch 300 to the network shown in FIG. 2A. LANsegment 190 is used to link switch 300 to switch 200. Switch 300supports segments 150 and 160 in VLAN 210 and segments 170 and 180 inVLAN 220.

In the prior art, when switch 200 receives a broadcast packet from VLAN210, station 104, it forwards the packet out all of its other VLAN 210ports (202, 203 and 207) and also forwards it from port 208 to switch300. Switch 300 examines the MAC source address (i.e., the ISO layer 2source address) and based on a prior exchange of information with switch200 is able to determine the proper VLAN to use for frames from thatsource address, in this case, VLAN 210. Based on this determination,switch 300 forwards the frame to all of its VLAN 210 ports (e.g., ports302 and 303).

The success of this approach depends on prohibiting frames having thesame MAC source address from appearing on multiple VLANs. However, theprohibition makes this approach unusable in some networks. To workaround this problem, some prior art implementations use additionalfields within the packet, such as the ISO layer 3 source address, toresolve ambiguities. However, even this approach does not work in allcases, as there are many types of frames which do not contain sufficientinformation to make a reliable VLAN determination. Examples of suchframes include Internet Protocol (IP) BOOTP requests, IPX Get NearestServer requests and frames from non-routable protocols.

All messages (in the form of a data frame) transferred between nodes ofthe same VLAN are transmitted at the MAC sublayer of the Data Link layerof the OSI reference model, based on each node's MAC layer address.However, there is no connectivity between nodes of different VLANswithin network switch 200 or 300.

For example, with reference to FIG. 2A, even though all physical LANsegments 103, 105, 120, 130, and 140 are connected to ports on networkswitch 200, the VLAN configuration of switch 200 is such that nodes inone VLAN cannot communicate with nodes in the other VLAN via networkswitch 200. For example, node 104 can communicate with node 122 butcannot communicate with node 142 by way of switch 200. Rather, router100 connects VLAN 210 to VLAN 220 via communications mediums 101 and 102respectively, so that node 104 can communicate with node 142. Messagestransferred between nodes of different VLANs are most often transmittedat the Network layer of the OSI reference model, based on the Networklayer address of each node, e.g., an Internet Protocol (IP) address.Router 100 also allows a network administrator to configure appropriatepolicy restrictions and security rules to reduce unnecessary or unwantedtraffic in data network 10.

Using a routing function to transfer data frames between VLAN 210 andVLAN 220 as illustrated in FIG. 2B is inappropriate, however, for dataframes of protocol suites that do not support a network layer protocol,e.g., DEC LAT or NetBIOS. To deal with this problem, routers commonlyprovide a capability for bridging frames of non-routable protocols. Forexample, assume node 106 in VLAN 220 uses the DEC LAT protocol in anattempt to transmit a data frame to a node in VLAN 210. Switch 200receives the data frame from node 106 over dedicated communicationsmedium 105 and transfers it to router 100 via communications medium 102.Router 100, not being able to route DEC LAT traffic, may bridge the dataframe back to switch 200 via communications medium 101. Switch 200receives the data frame and, because the data frame is bridged insteadof routed, the source MAC address is unchanged. Switch 200 has nowreceived on both ports 205 (in VLAN 220) and 207 (in VLAN 210) a dataframe having the MAC address for node 106, and cannot, therefore,unambiguously determine over which port node 106 is connected, or whichVLAN should be associated with node 106. Therefore, switch 200 is unableto inform switch 300 of which VLAN should be associated with the MACaddress of node 106.

Another circumstance which creates difficulties in establishing a MACaddress to VLAN mapping is when a routing protocol, e.g., the DecNetrouting protocol, transmits data frames using the same source MACaddress on both communications mediums 101 and 102.

Yet another drawback of the configuration of data network 10 asillustrated in FIG. 2A is that a communications link is needed betweennetwork switch 200 and router 100 for each virtual local area network(VLAN). As the number of physical LAN segments and VLAN segmentsincrease, and as the distance between LANs increase necessitatingutilization of metropolitan- and wide-area communicationsmediums/facilities, the monetary and administrative expense required tomaintain data network 10 also increases. As illustrated in FIG. 3, onemeans of reducing this expense is to combine multiple communicationslinks into a single shared communications medium 300 between switch 200and router 100. The same problems which prevented switch 300 in FIG. 2Bfrom reliably determining the proper VLAN for frames received oversegment 190 also prevent switch 200 in FIG. 3 from reliably associatingVLANs with data frames received over segment 300. Thus, a means isneeded to identify the virtual local area network (VLAN) from which aframe originated when transferring the frame over a communicationsmedium shared among multiple VLANs.

One such prior art method identifying the VLAN associated with a MACaddress of a node involves creating and maintaining a lookup table oneach network device in the data network. The lookup table containsentries associating the MAC address of a node with the port on thenetwork device over which the node is reachable. The node may be coupledto a shared or dedicated communications medium which is further coupledto the port. Each entry also contains a VLAN identifier identifying thevirtual local area network (VLAN) assigned to the port. If multiplenetwork devices exist in the data network, as illustrated in FIG. 3,they may utilize a protocol to exchange lookup tables so that eachdevice knows which VLAN is assigned to each port on each device and whatnodes (identified by their respective MAC addresses) are reachable viaeach port as well as which nodes belong to the same VLAN and areallowed, therefore, to communicate with each other.

A prior art method of reliably identifying the VLAN from which a dataframe originated utilizes a management defined field (MDF) of an IEEEstandard 802.10 Secure Data Exchange (SDE) Protocol Data Unit (PDU). TheMDF allows the transfer of proprietary information that may facilitatethe processing of a data frame. The prior art method uses the MDF tostore a VLAN identifier as the data frame is transferred from a networkdevice over a communications medium shared among multiple VLANs so thatwhen another network device receives a data frame from the sharedcommunications medium, it can determine the VLAN associated with thedata frame and determine whether to forward the frame accordingly,depending on the VLANs configured for each port on the network device.

FIG. 4 illustrates the frame format for an IEEE 802.3 MAC/802.10 SDEdata frame utilizing the MDF to identify the VLAN associated with thedata frame. Portion 401 of data frame 400 is the IEEE 802.3 media accesscontrol (MAC) header, comprising a 6 byte destination MAC address field,and 6 byte source MAC address field, and a 2 byte length field. Portion402 indicates the IEEE 802.10 secure data exchange (SDE) clear header,comprising the SDE designator field 404 containing a special destinationservice access point (DSAP), source service access point (SSAP), andcontrol field for SDE frames, a security association identifier (SAID)field 405, and the management defined field (MDF) 406. The remainder ofthe original data frame, comprising its IEEE 802.2 LLC header followedby the user data, is included in field 403.

A VLAN identifier representing the VLAN associated with the data framereceived by the network device is placed in the MDF 406 by the MAC layerand other relevant hardware and software in the network device. When theframe is subsequently transmitted across a shared communications medium,such as when switch 300 of FIG. 2B forwards over shared communicationsmedium 190 a data frame destined for a node coupled to a port associatedwith a different VLAN on switch 200, switch 200 is able to determine theVLAN from which the data frame was received by switch 300 and forward itaccordingly to router 100 (if, indeed, inter-VLAN communication isrequired). Router 100 then routes the data frame back to switch 200,where switch 200 then determines whether to forward the frame to theappropriate port based on the VLAN identifier in the MDF and destinationMAC address in the destination MAC address field.

However, the frame format illustrated in FIG. 4 supports only the IEEE802.3 media access control standards. An Ethernet-based data frame isconsidered nonstandard by the IEEE, and, therefore, cannot utilize theIEEE 802.10 header, or any other IEEE based header to preserve the VLAN,except through the use of an additional layer of encapsulation. IEEERecommended Practice 802.1H is one way of performing this additionalencapsulation. This extra layer of encapsulation reduces the efficiencyof bandwidth utilization and adds complexity to the implementation.Thus, a method and frame format for identifying the VLAN associated witha data frame received at a network switch from either an Ethernet LAN oran IEEE 802.3 LAN is needed to support the existing infrastructure ofEthernet networks in a data network transmitting data frames frommultiple VLANs across a shared communications medium. This will allowcompatibility with Ethernet-based nodes on the same shared media withnodes supporting VLAN identification.

SUMMARY OF THE DISCLOSURE

The present invention relates to a method and frame format forpreserving in a data frame as the data frame is transmitted across acommunications medium shared among a plurality of virtual local areanetworks (VLANs), the VLAN which was associated with the data frame atthe point where it entered the network. The method supports existingdata network infrastructures, including Ethernet based data networkinfrastructures.

According to one aspect of the invention, a data frame format extendsthe traditional Ethernet frame format to accommodate a VLAN header. Inone embodiment, a unique Ethernet type field value is used to identifythe data frame as having a VLAN header inserted between the Ethernettype field and the user data field. In another embodiment, the uniqueEthernet type field value is used to identify the data frame as having aVLAN header inserted prior to the Ethernet type field of the originalEthernet frame.

The original Ethernet type field or the length field of an IEEE 802.3data frame is preserved when the data frame is transferred from a sharedcommunications medium to a dedicated communications medium, as whenhappens when a network switch receives the data frame over sharedcommunications medium coupling the network switch to another networkswitch, and transmits the data frame over a dedicated communicationsmedium coupling the network switch to a node.

The VLAN header comprises a VLAN identifier field that identifies theVLAN associated with the frame at the point at which the data frame wasreceived by a network switch. In one embodiment, the VLAN header isfurther comprised of a VLAN identifier type and/or a VLAN identifierlength field, both of which precede the VLAN identifier field andrespectively specify a format and length of the subsequent VLANidentifier field.

Thus it is an object of the present invention to provide a method andframe format for identifying the VLAN associated with a data framereceived at a network switch from an Ethernet or IEEE 802.3 LAN. This isneeded to support the existing infrastructure of Ethernet networks in adata network transmitting data frames from multiple VLANs across ashared communications medium. This will allow compatibility with bothIEEE 802.3-based and traditional Ethernet-based nodes on the same sharedmedia with nodes supporting VLAN identification as well.

It is another object of the present invention to provide a data frameformat that allows for inclusion of a VLAN identifier field that doesnot extend the MAC frame so far as to require fragmentation to avoidambiguity between Ethernet and IEEE 802.3 frame types.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and notlimitation in the following figures. Like references indicate similarelements, in which:

FIG. 1 illustrates a prior art data network topology.

FIG. 2A illustrates a prior art data network topology utilizing virtuallocal area networks.

FIG. 2B illustrates a prior art data network topology utilizing virtuallocal area networks and shared communications media between networkdevices.

FIG. 3 further illustrates a prior art data network topology utilizingvirtual local area networks and shared communications media betweennetwork devices.

FIG. 4 illustrates the IEEE 802.3 MAC/802.1 SDE frame format as may beutilized in the prior art.

FIG. 5(a) illustrates an Ethernet frame format.

FIG. 5(b) illustrates a modified Ethernet frame format as may beutilized by the present invention.

FIG. 5(c) illustrates a modified Ethernet frame format as may beutilized by the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS OF THE INVENTION

Described herein is a method and frame format for preserving in a dataframe the virtual local area network (VLAN) associated with the dataframe when transmitting the data frame over a communications mediumshared among multiple VLANs. In the following description, numerousspecific details are set forth in order to provide a thoroughunderstanding of the present invention. It will be apparent, however, toone of ordinary skill in the art that the present invention may bepracticed without these specific details. In other instances, well-knownstandards, frame format details, and techniques have not been shown inorder not to unnecessarily obscure the present invention.

As network switching becomes more prevalent in data networks, and inparticular, local area networks, it is desirable to segment data trafficinto groups of virtual local area networks (VLANs), as discussed above.Generally, the MAC address of each node, as determined by the contentsof the source MAC address field of a data frame transmitted by the node,is mapped to, or associated with, a VLAN assigned to the port of anetwork device (e.g., a network switch) at which the data frame entersthe switched network. The method by which the network device forwardsthe data frame varies depending on whether the target node (asdetermined by the MAC address in the destination MAC address field ofthe data frame) resides on the same or different VLAN as the sourcenode. It may be desirable to use a standard shared communications mediumsuch as IEEE standard 10BASE-F or 100BASE-T for a backbone transmissionfabric between network devices in a switched network. However, unlessseparate cables are use for each VLAN, the VLAN association of each dataframe cannot be determined when the data frame is transmitted over theshared communications medium. A means for identifying, or preserving,the VLAN associated with each data frame when transmitting the dataframes over a shared communications medium is needed.

The method described herein provides for a shared communications mediumfor transferring data frames from multiple virtual local area networks(VLANs) while preserving the VLAN associated with each frame, regardlessof whether the data network supports the interconnection of Ethernet orIEEE standard 802.3 nodes.

FIG. 5(a) illustrates the data frame format for an Ethernet network.Like the IEEE standard 802.3 frame format, the Ethernet frame formatbegins with a 6 byte destination MAC address field followed by a 6 bytesource MAC address field. However, unlike the IEEE standard 802.3 frameformat, a 2 byte Ethernet type (ETYPE) field 503 follows the source MACaddress field. The ETYPE field indicates the protocol type of the nextupper layer protocol header which begins immediately following the ETYPEfield (e.g., 0800(h) indicates the IP network layer protocol). The datafield 504 comprises any upper layer protocol information and user data,all of which is considered data from the perspective of the MACsublayer. Finally, a frame check sequence (FCS) field 505, comprising a32-bit cyclical redundancy check (CRC) of the contents of fields 501,502, 503 and 504, completes the data frame.

An IEEE 802.3 frame format also begins with a 6 byte destination MACaddress field followed by a 6 byte source MAC address field. As is wellknown to those of skill in the art, a 2 byte LENGTH field follows thesource MAC address field. It should be noted that the present invention,although based on a modification of the Ethernet frame format describedabove, applies equally well when the original frame is an IEEE802-standard format (e.g., IEEE 802.3). In such a case, the fieldfollowing the MAC source address contains not the protocol type of anupper layer protocol, but a value indicating the length of the datafield, as discussed above. The present invention preserves the value inthat field in a new extended Ethernet frame format, but makes no otheruse of it, and is, therefore, not sensitive to whether the fieldcontains protocol type or length information.

FIG. 5(b) illustrates a data frame format that may be utilized by oneembodiment of the present invention. The frame format extends theEthernet frame format illustrated in FIG. 5(a) to accommodate a virtuallocal area network (VLAN) header 514, along with its associated VTYPEfield 513. FIG. 5(b) illustrates a virtual type (VTYPE) field 513. VTYPEfield 513 is inserted after the source MAC address field 512 and beforethe ETYPE field 520 of an Ethernet data frame or the length field of anIEEE 802.3 data frame. The virtual type (VTYPE) field 513 identifies theremainder of the frame as an extended Ethernet frame comprising a VLANheader 514 inserted, for example, after the Ethernet type field 520 andbefore the data field 515 shown in FIG. 5(b).

The contents of the ETYPE field 503 in FIG. 5(a), or the length field ofan IEEE 802.3-based data frame is retained. Location 503 in FIG. 5(a)becomes location 520 in FIG. 5(b). The ETYPE field at location 520returns back to location 503 in FIG. 5(a) when the data frame istransferred from a shared communications medium used to transmit dataframes for multiple VLANs to a dedicated communications medium used totransmit data frames for a single VLAN.

A VLAN identifier type (VLAN ID TYPE) field and VLAN identifier length(VLAN LEN) field are present at locations 521 and 522, respectively.These two fields are used in combination to specify the format of theVLAN identifier (VLAN ID) field 523. Although this embodiment of thepresent invention utilizes only one type and length of VLAN ID field, isit foreseeable that multiple types of VLAN identifiers may be utilized,and that such identifiers may be of varying lengths, depending on theinformation conveyed by such identifiers, in which case, a networkdevice receiving the data frame should check the VLAN ID TYPE and VLANLEN fields and determine whether to accept or reject the data frame. Inthe event multiple VLAN ID TYPEs are utilized, it is envisioned that theVLAN ID TYPE values will be dispensed by an administrative authority.

The VLAN identifier length (VLAN LEN) field specifies the length of theVLAN identifier field in bytes. In this embodiment, the VLAN identifierfield is 4 bytes in length. It is envisioned that the length of the VLANidentifier field will be a multiple of 4 bytes to maintain wordalignment of fields in the data frame.

The VLAN identifier (VLAN ID) field 523 identifies the VLAN associatedwith the data frame. A network administrator or similar network wideauthority is required to dispense values on a dynamic basis whenconfiguring the virtual networks of the data network.

A new FCS 516 is calculated and replaces the prior FCS 505. FCS 516performs a CRC on the destination and source MAC address fields, VTYPEfield, ETYPE field, VLAN header, and data field.

While one embodiment has been described wherein the VLAN header 514comprises the VLAN ID TYPE field, the VLAN identifier length (VLAN LEN)field, and the VLAN identifier (VLAN ID) field, alternative embodimentsdo not necessarily utilize such a VLAN header. For example, in oneembodiment, the ETYPE field 503 in FIG. 5(a), or the length field of anIEEE 802.3-based data frame is contained in the VLAN header. In otherwords, the VLAN header 514 includes the location 520 wherein the valuein the ETYPE field 503 in FIG. 5(a), or the length field of an IEEE802.3-based data frame is preserved. In other embodiments, the VLANheader does not contain one or both of the VLAN ID TYPE field and theVLAN identifier length (VLAN LEN) field. Thus, the VLAN header cancontain any number of fields in addition to the VLAN identifier (VLANID) field. It is appreciated that the format of the VLAN header can bedifferentiated by assignment of differing values to VTYPE field 513.

The extended Ethernet frame format illustrated in FIG. 5(b) may beutilized in the following manner. A network device (e.g., a networkswitch) has been configured so that a virtual local area networkidentifier representing a virtual local area network is assigned to eachport on the network device. A data frame utilizing the Ethernet frameformat (see FIG. 5(a)) or IEEE 802.3-based frame format may betransmitted by a node over a dedicated communications medium to thenetwork switch. The network switch receives the data frame at a portcoupled to the dedicated communications medium. At that time, or priorto transmitting the data frame over a shared communications medium toanother network device, the network switch inserts a VTYPE field 513between the source MAC address field 512 and the ETYPE field or lengthfield 520 (depending on the frame format). The network switch theninserts a VLAN header between the ETYPE field or length field and datafield of the data frame. The value originally in the ETYPE field 503 (orlength field in the case of an IEEE 802.3-based frame formal) of FIG.5(a) is retained in ETYPE/Length field 520 as shown in FIG. 5(b). Avalue is placed in the VTYPE field 513 identifying the frame ascontaining VLAN identifier information (VTYPE 513). If utilized, a VLANidentifier type and VLAN identifier length field is inserted in VLANheader 514 at 521 and 522. Finally, the VLAN identifier associated withthe data frame is placed in the VLAN identifier field 523. The dataframe now having an extended Ethernet frame format is then transmittedover a shared communications medium.

Upon receiving the data frame, a network device processes the dataframe. It determines the MAC address of a target node based on thecontents of the destination MAC address field 511. Following the sourceMAC address field 512, the device then detects the presence of a VLANheader based on the contents of the VTYPE field, and determines the VLANidentifier associated with the data frame based on the contents of theVLAN identifier field. If a port on the network device which is eligibleto receive the frame based on the destination MAC address is assignedthe same VLAN identifier as the data frame, the network device thenremoves the VTYPE field and VLAN header from the data frame, calculatesa new FCS for the data frame, and transmits the data frame out the portover a dedicated communications medium to the target node.

FIG. 5(c) illustrates a data frame format that may be utilized by analternative embodiment of the present invention. The frame format alsoextends the Ethernet frame format illustrated in FIG. 5(a) or an IEEE802.3-based frame format, as did the frame format in FIG. 5(b), toaccommodate a virtual local area network (VLAN) header 514. A virtualtype (VTYPE) field 513 and VLAN header 514 is inserted between thesource MAC address field 512 and ETYPE field 520 of an Ethernet dataframe (or the length field of IEEE 802.3-based data frame) torespectively identify the frame as an extended Ethernet frame, andprovide the VLAN identifier. Unlike the embodiment described inreference to FIG. 5(b) wherein the ETYPE/Length field 520 follows theVTYPE field 513 and precedes the VLAN header 514 in the data frame, theVLAN header 514 is inserted between the VTYPE field 513 and theETYPE/Length field 520 such that the ETYPE field 520 follows the VTYPEfield 513 and VLAN header 514.

The extended Ethernet frame format illustrated in FIG. 5(c) may beutilized in a similar manner as the previously described embodiments ofthe invention. For example, when a network switch receives the dataframe at a port coupled to the dedicated communications medium, at thattime, or prior to transmitting the data frame over a sharedcommunications medium to another network device, the network switchinserts, at a location following the source address field 512, the VTYPEfield 513. A value in the VTYPE 513 indicates the presence of a VLANheader. The network switch also inserts the VLAN header 514 followingthe VTYPE field 513. The data frame, now having an extended Ethernetframe format, can be transmitted over a shared communications medium.

Upon receiving the data frame, a network device processes the dataframe. It determines the MAC address of a target node based on thecontents of the destination MAC address field 511, and the MAC addressof a source node based on the contents of the source MAC address field512. The device then processes the VTYPE field 513. In processing theVTYPE field 513, the device detects the presence of the VLAN header 514,and determines the format of the VLAN identifier (VLAN ID) field 523associated with the data frame from the VLAN identifier type (VLAN IDTYPE) field 521 and the VLAN identifier length (VLAN LEN) field 522.Subsequent to processing the VLAN header 514, the network devicecontinues processing the data frame as is would process a non-VLANframe.

While one embodiment has been described wherein a VLAN identifier typefield is followed by a VLAN length field in the VLAN header, alternativeembodiments of the invention do not necessarily use one or both of thesefields, or may specify a VLAN length field followed by a VLAN identifiertype field in a VLAN header. Thus, it is appreciated that the embodimentillustrated in FIG. 5(c) can be modified in any number of ways, as longas a VTYPE field is followed, in order, by a VLAN identifier field andan Ethernet type field (or length field for IEEE 802.3-based dataframes).

There are, of course, other alternatives to the described embodiments ofthe invention which are within the understanding of one of ordinaryskill in the relevant art. For example, the type of network switch whichhas a single VLAN identifier associated with each port and assumes thata data frame received on a port is destined for the VLAN associated withthat port is just one type of network switch. Network switches maypresent more sophisticated methods of handling VLANs. In the generalcase, when a data frame is received from an end station on a networkswitch port, the switch will apply a set of rules to determine the VLANto which that data frame should be forwarded. The rules can include suchthings as the port number at which a data frame is received, the dataframe's ISO Layer 3 protocol type, the data frame's MAC or network layersource address, time of day, etc. More importantly, the first VLAN awarenetwork switch to receive the data frame should apply its rules andassign the data frame to a VLAN. Thus, the present invention is intendedto be limited only by the claims presented below.

Thus, what has been described is a method and frame format forpreserving in a data frame the virtual local area network (VLAN)associated with a port on a network device from which the data frame wasreceived when transmitting the data frame over a shared communicationsmedium.

We claim:
 1. A method of identifying a virtual network associated with adata frame when transmitting said data frame between a communicationsmedium and a shared communications medium, comprising the steps of: a)receiving said data frame from said communications medium, said dataframe comprising a first type field and a data field; b) inserting asecond type field at a location within said data frame preceding saidfirst type field, said second type field indicating said data framecomprises a virtual network identifier field; c) inserting said virtualnetwork identifier field at a location between said second typo fieldand said first type field; d) assigning a first value to said virtualnetwork identifier field, said first value corresponding to said virtualnetwork; and e) transmitting said data frame over said sharedcommunications medium.
 2. The method of claim 1, further comprising thesteps of: 1) inserting between said second type field and said virtualnetwork identifier field a virtual network identifier type field; and 2)assigning a second value to said virtual network identifier type fieldindicating a type of said first value in said virtual network identifierfield.
 3. The method of claim 1, further comprising the steps of: 1)inserting between said second type field and said virtual networkidentifier field a virtual network identifier length field; and 2)assigning a second value to said virtual network identifier length fieldindicating a length of said first value in said virtual networkidentifier field.
 4. The method of claim 1 wherein said virtual networkidentifier field is 4 bytes.
 5. The method of claim 1 wherein saidvirtual network identifier field is a multiple of 4 bytes.
 6. The methodof claim 1 wherein said first type field indicates a protocol type.
 7. Amethod of identifying a virtual network associated with a data framewhen transmitting said data frame between a communications medium and ashared communications medium, comprising the steps of: a) receiving saiddata frame from said communications medium, said data frame comprising alength field and a data field; b) inserting a type field at a locationwithin said data frame preceding said length field, said type fieldindicating said data frame comprises a virtual network identifier field;c) inserting said virtual network identifier field at a location betweensaid type field and said length field; d) assigning a first value tosaid virtual network identifier field, said first value corresponding tosaid virtual network; and e) transmitting said data frame over saidshared communications medium.
 8. The method of claim 7, furthercomprising the steps of: 1) inserting between said type field and saidvirtual network identifier field a virtual network identifier typefield; and 2) assigning a second value to said virtual networkidentifier type field indicating a type of said first value in saidvirtual network identifier field.
 9. The method of claim 7, furthercomprising the steps of: 1) inserting between said type field and saidvirtual network identifier field a virtual network identifier lengthfield; and 2) assigning a second value to said virtual networkidentifier length field indicating a length of said first value in saidvirtual network identifier field.
 10. The method of claim 8 wherein saidvirtual network identifier field is a multiple of 4 bytes.
 11. In anetwork device, a method of transmitting a virtual network identifier ina data frame transmitted on a shared communications medium coupled tosaid network device, comprising: a) transmitting a preamble field; b)transmitting a destination and source media access control addressfield; c) transmitting a first type field whose contents indicate saidvirtual network identifier is present in said data frame; d)transmitting a virtual network identifier field containing said virtualnetwork identifier; e) transmitting a second type field whose contentsindicate a protocol type associated with said data frame; and, f)transmitting a data field.
 12. The method of claim 11 wherein saidvirtual network identifier field is 4 bytes.
 13. In a network devicehaving a first port coupled to a local area network (LAN) segment and asecond port coupled to a shared communications medium, a method ofassociating a virtual network with a data frame received from said LANsegment and transmitted to said shared communications medium,comprising: a) receiving said data frame at said first port, said dataframe comprising a type field and a data field; b) replacing a firstvalue in said type field representing a protocol type with a secondvalue indicating said data frame comprises a virtual network identifierfield; c) inserting said virtual network identifier field in said dataframe between said type field containing said second value and said datafield; d) assigning a value representing said virtual network to saidvirtual network identifier field; and e) transmitting said data framefrom said second port.
 14. The method of claim 13 further comprising: a)inserting a new type field between said virtual network identifier fieldand said data field; and b) assigning said first value representing saidprotocol type to said new type field to preserve said protocol type. 15.The method of claim 13 wherein said virtual network identifier field is4 bytes.
 16. The method of claim 13 wherein said virtual network asidentifier field is a multiple of 4 bytes.
 17. A method of transmittinga data frame to a virtual network associated with the data frame, thedata frame being transmitted between a communications medium and ashared communications medium, the method comprising: a) receiving thedata frame, the data frame comprising a type field, and a virtualnetwork header including a virtual network identifier field and at leastone other field, the type field having a value indicating that the dataframe is associated with a virtual network, and the virtual networkidentifier field having a virtual network identifier field valuecorresponding to the virtual network; b) reading the type field anddetermining that the data frame is associated with a virtual network; c)in response to determining that the data frame is associated with avirtual network, reading the virtual network identifier field value todetermine the virtual network with which the data frame is associated;and d) transmitting the data frame at least toward the virtual networkcorresponding to the virtual network identifier field value.
 18. Themethod of claim 17 wherein the virtual network identifier field value isin one of a plurality of formats, and the method further comprisesdetermining which format the virtual network identifier field value isin based upon a value of the type field, and using the determined formatto determine the virtual network identifier field value.
 19. The methodof claim 17 wherein the virtual network header further includes at leastone of a virtual network identifier type field having a value indicativeof a type of the virtual network identifier field and a virtual networkidentifier length field having a value indicative of a length of thevirtual network identifier field, the method further comprising readingthe at least one of the virtual network identifier type field and thevirtual network identifier length field.
 20. The method of claim 19wherein the virtual network header includes the virtual networkidentifier type field, the method further comprising reading the virtualnetwork identifier type field to determine a format of the virtualnetwork identifier field value and using the determined format todetermine the virtual network identifier field value.
 21. The method ofclaim 17 wherein the at least one other field includes a plurality ofother fields.
 22. A method of transmitting a data frame to a virtualnetwork associated with the data frame, the data frame being transmittedbetween a communications medium and a shared communications medium, themethod comprising: a) receiving the data frame, the data framecomprising a type field, and a virtual network header having anassociated format and including a virtual network identifier field, thetype field having a value indicating which of a plurality of formats theassociated format is and that the data frame is associated with avirtual network, and the virtual network identifier field having avirtual network identifier field value corresponding to the virtualnetwork; b) reading the type field and determining that the data frameis associated with a virtual network and determining the format; c) inresponse to determining that the data frame is associated with a virtualnetwork and determining the format, reading the virtual networkidentifier field in accordance with the determined format to determinethe virtual network with which the data frame is associated; and d)transmitting the data frame at least toward the virtual networkcorresponding to the virtual network identifier field value.
 23. Themethod of claim 22 wherein the associated format is a format of thevirtual network identifier field value.
 24. The method of claim 17,wherein transmitting the data frame at least toward the virtual networkcorresponding to the virtual network identifier field value comprisesforwarding at least part of the received data frame on a port selectedbased at least in part on the value of the virtual network identifierfield.
 25. The method of claim 24 wherein, when the port selected basedat least in part on the value of the virtual network identifier field isconnected to a dedicated communications medium, forwarding at least partof the received data frame comprises: removing the type field and thevirtual network identifier field from the data frame; and forwarding thedata frame without the type field and without the virtual networkidentifier field on the selected port.
 26. The method of claim 25,wherein the dedicated communications medium is dedicated to a virtualnetwork associated with the value of the virtual network identifierfield.
 27. The method of claim 25, wherein forwarding the data framewithout the type field and without the virtual network identifier fieldcomprises: calculating a frame check sequence for the data frame withthe type field and the virtual network identifier field removed; andforwarding the data frame with the calculated frame check sequence. 28.The method of claim 24 wherein, when a port which is eligible to receivethe data frame based on a destination media access control address isassigned a virtual network identifier corresponding to the value of thevirtual network identifier field of the data frame, forwarding at leastpart of the received data frame comprises: removing the type field andthe virtual network identifier field from the data frame; and forwardingthe data frame without the type field and without the virtual networkidentifier field on the port.
 29. The method of claim 28, whereinforwarding the data frame without the type field and without the virtualnetwork identifier field comprises: calculating a frame check sequencefor the data frame with the type field and the virtual networkidentifier field removed; and forwarding the data frame with thecalculated frame check sequence.
 30. The method of claim 22, whereintransmitting the data frame at least toward the virtual networkcorresponding to the virtual network identifier field value comprisesforwarding at least part of the received data frame on a port selectedbased at least in part on the value of the virtual network identifierfield.
 31. The method of claim 30 wherein, when the port selected basedat least in part on the value of the virtual network identifier field isconnected to a dedicated communications medium, forwarding at least partof the received data frame comprises: removing the type field and thevirtual network identifier field from the data frame; and forwarding thedata frame without the type field and without the virtual networkidentifier field on the selected port.
 32. The method of claim 31wherein the dedicated communications medium is dedicated to a virtualnetwork associated with the value of the virtual network identifierfield.
 33. The method of claim 31 wherein forwarding the data framewithout the type field and without the virtual network identifier fieldcomprises: calculating a frame check sequence for the data frame withthe type field and the virtual network identifier field removed; andforwarding the data frame with the calculated frame check sequence. 34.The method of claim 30 wherein, when a port which is eligible to receivethe data frame based on a destination media access control address isassigned a virtual network identifier corresponding to the value of thevirtual network identifier field of the data frame, forwarding at leastpart of the received data frame comprises: removing the type field andthe virtual network identifier field from the data frame; and forwardingthe data frame without the type field and without the virtual networkidentifier field on the port of the network device.
 35. The method ofclaim 34, wherein forwarding the data frame without the type field andwithout the virtual network identifier field comprises: calculating aframe check sequence for the data frame with the type field and thevirtual network identifier field removed; and forwarding the data framewith the calculated frame check sequence.